egghelp.org community Forum Index
[ egghelp.org home | forum home ]
egghelp.org community
Discussion of eggdrop bots, shell accounts and tcl scripts.
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Ban or gline/kline users connecting from IPs in the list.

 
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests
View previous topic :: View next topic  
Author Message
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 13

PostPosted: Wed Jul 08, 2020 6:41 pm    Post subject: Ban or gline/kline users connecting from IPs in the list. Reply with quote

Hello everyone, I have a huge list of IPs in .txt format that I would like to be blocked(gline/kline) in my Unrealircd server by eggdrop. So, basically I want a script where the eggdrop would oper up and see/scan if the user is connecting from the IPs in the list (ips.txt).

Can someone help me into this?

Thank you!
_________________
Nepal chat
India chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

PostPosted: Thu Jul 09, 2020 12:43 am    Post subject: Reply with quote

Post an example of an user connecting to the network to see the syntax.
_________________
Once the game is over, the king and the pawn go back in the same box.
Back to top
View user's profile Send private message
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1032
Location: France

PostPosted: Thu Jul 09, 2020 12:44 am    Post subject: Reply with quote

Bad idea imho.
Unrealircd can manage that directly with the ban blocks, it will be more efficient.
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
simo
Owner


Joined: 22 Mar 2015
Posts: 941

PostPosted: Thu Jul 09, 2020 8:48 am    Post subject: Reply with quote

its unreal5 caesar

syntax is:

for ssl
*** Client connecting: NICK (IDENT@HOST) [IP] {clients} [secure ECDHE-RSA-AES256-GCM-SHA384]

for non ssl
*** Client connecting: NICK (IDENT@HOST) [IP] {clients}


there is another thing ive seen his list it also has cidr ranges

im not sure how that would compare against connecting IPS wich are normal IPS

he asked me to help basically he wants to decrease the ammount of vpn ips used to connect as they are mainly used for abuse

for example:

for ipv6:
2a0a:5ec0::/29

for ipv4:
2.56.16.0/22
Back to top
View user's profile Send private message
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

PostPosted: Thu Jul 09, 2020 9:29 am    Post subject: Reply with quote

Ah, then CrazyCat is right. Should do this on the server end via a module or something than rely on a bot that reads a text file each time someone connects.

Can't you recommend some modules simo?
_________________
Once the game is over, the king and the pawn go back in the same box.
Back to top
View user's profile Send private message
simo
Owner


Joined: 22 Mar 2015
Posts: 941

PostPosted: Thu Jul 09, 2020 12:15 pm    Post subject: Reply with quote

that was the first thing i thought of caesar but the thing is there isnt such a monitoring tool yet for vpn monitoring else of course that would be prefered as crazycat already mentioned there is only the usual dnsbl monitoring wich doesnt including vpn or not by design anyway
Back to top
View user's profile Send private message
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

PostPosted: Fri Jul 10, 2020 12:43 am    Post subject: Reply with quote

Well, the role of the VPN is to make the person behind it be somewhat anonymous, so on your server it could look like someone nice or some prick that's in for some trouble. Until he/she takes the first action you can't really tell who's who.

So, bottom line is that if you get too much abuse from the same VPN provider then just gline it.
_________________
Once the game is over, the king and the pawn go back in the same box.
Back to top
View user's profile Send private message
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1032
Location: France

PostPosted: Fri Jul 10, 2020 1:57 am    Post subject: Reply with quote

We had a discussion in urealircd forum concerning VPN: https://forums.unrealircd.org/viewtopic.php?f=54&t=8970
_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
TimeRider
Voice


Joined: 07 Jul 2020
Posts: 13

PostPosted: Wed Jul 15, 2020 8:01 pm    Post subject: Reply with quote

Finally, my thread got some replies.

Thanks simo, That's the right user connecting syntax (ssl and non-ssl) for UnrealIRCD.

caesar: Actually someone has really abused my IRC server using VPNs. It's really getting in the nerves.

CrazyCat: I went through that discussion too. It was not much of help as the module requested was not made. Also, as you said, the UnrealIRCD ban blocks would be hectic to put all the ips creating the block for each. Or, is there a way to make the UnrealIRCD ban block read the list?

I really thought Eggdrop could do this task at ease as it is one of the powerful IRC bot I have seen so far.
_________________
Nepal chat
India chat
Pakistan chat
Indian chat
Back to top
View user's profile Send private message Visit poster's website
ComputerTech
Master


Joined: 22 Feb 2020
Posts: 393

PostPosted: Wed Jul 15, 2020 8:38 pm    Post subject: Reply with quote

Did you try using the options of the unrealircd config ?

Not doubting you or anything, but just saying there is some handy stuff in there Very Happy
_________________
ComputerTech
Back to top
View user's profile Send private message Send e-mail Visit poster's website
CrazyCat
Revered One


Joined: 13 Jan 2002
Posts: 1032
Location: France

PostPosted: Thu Jul 16, 2020 2:39 am    Post subject: Reply with quote

TimeRider wrote:
Also, as you said, the UnrealIRCD ban blocks would be hectic to put all the ips creating the block for each. Or, is there a way to make the UnrealIRCD ban block read the list?

I really thought Eggdrop could do this task at ease as it is one of the powerful IRC bot I have seen so far.


If you have a file with all IPs, you can simply modify it with a good text editor (as notepad++ or pspad), or sed, to create an unrealircd comprehensive file that you'll include in your conf.
Just replace:
Code:
^(.*)$

with:
Code:
ban user { mask *@$1; reason "Denied IP"; };

(note that it may be $1 or \1 depending on the editor you use).

If you want to manage it with eggdrop:
Code:
set fi [open "ips.txt" "r"]
set ips [read -nonewline $fi]
close $fi
foreach ip [split $ips "\n"] {
   putserv "gzline *@$ip +0 :Denied IP"
}

_________________
https://www.eggdrop.fr - French IRC network
Offer me a coffee - Do not ask me help in PM, we are a community.
Back to top
View user's profile Send private message Visit poster's website
caesar
Mint Rubber


Joined: 14 Oct 2001
Posts: 3741
Location: Mint Factory

PostPosted: Thu Jul 16, 2020 3:55 am    Post subject: Reply with quote

If your server is on Linux I would go with a different approach: firewall.

I would first create an IP set with ipset (replace blacklist with whatever you want):
Code:

ipset create blacklist hash:net

tell iptables to drop any connection from any IP that is in this blacklist set:
Code:

iptables -I PREROUTING -t raw -m set --match-set blacklist src,dst -j DROP

and populate the blacklist with data by telling it to flush previous (if any) data and load stuff from a text file:
Code:

ipset flush blacklist
ipset restore -! < blacklist.txt

The blacklist.txt file has to be in this format:
Code:

create blacklist hash:net family inet hashsize 8192 maxelem 65536
add badips x.x.x.x
add badips x.x.x.x
add badips x.x.x.x
and so on

I got something similar (repo on Github) for script kiddies that keep on trying to brute-force their way in my server via the SSH service.

If you don't want to use this and want to stick with an eggdrop then I would proly use something like:
Code:

proc lookup {str} {
   set match 0
   set fh [open "blacklist.txt" "r"]
   set data [read -nonewline $fh]
   close $fh
   foreach line $data {
      if {[string equal $line $str]} {
         incr match
         break
      }
   }
   return $match
}

and trigger the glines when and if needed.
Code:

bind join * join:check
proc join:check {nick uhost hand chan} {
   scan $uhost {%[^@]@%s} user host
   if {[lookup $host]} {
      # add the gline line
   }
}

_________________
Once the game is over, the king and the pawn go back in the same box.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    egghelp.org community Forum Index -> Script Requests All times are GMT - 4 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Forum hosting provided by Reverse.net

Powered by phpBB © 2001, 2005 phpBB Group
subGreen style by ktauber